what is ocsp.digicert.com

  • 24 January 2016
  • 1 reply
  • 22158 views

I recently had a case where both of the browsers on my PC (FF and Edge) kept trying to make an outbound connection to ocsp.digicert.com. Webroot didn't flag it as a problem, but I also run Malwarebytes, which blocked it. Uninstalling/reinstalling FF didn't help. I had to restore my PC to a restore point made a week earlier to get rid of the constant outbound connection attempts.
 
Afterwards, I also found that Malwarebytes wouldn't scan my computer. I would start a scan and it would stop 1-2 seconds later with a "clean PC" report. I reinstalled MWB and it seems to work ok now.
 
Just to be on the safe side, I also reinslatted Webroot, but I'm a little disappointed that it didn't catch any problems - assuming I had a problem.
 
What is ocsp.digicert.com and is it something bad?
 
 

1 reply

Userlevel 7
Hi eman623
 
Welcome to the Communitgy Forums.
 
From what I can see from my research we have a conundrum here as on the one hand OCSP (Online Certificate Status Protocol) is one of two common schemes for maintaining the security of a server and other network resources. The other, older method, which OCSP has superseded in some scenarios, is known as Certificate Revocation List (CRL).
 
But on the other hand there is apparently a malicious side to all of this as Ocsp.digicert.com is apparently a dangerous domain associated with spam activities, that usually infects Chrome, Firefox and IE with installation of free software & adware.
 
Now this is what we know in the Community as a PUA or Potentially Unwanted Application. This one apprently constantly pops up when you open your start page or click links on webpage or do searching on Google. In most cases, it opens new tabs to display bogus software update recommendations or spam virus removal warning, and that the the downloads promoted by ocsp.digicert.com are all ad-support software.
 
Often they are installed intentionally by you the user as browser add-ons for various tasks such as quick search tools. But they also come with the result of added annoying pop-ups and ads. Other times they 'piggy back' with other software that you installed, or try to 'sneak' onto your system entirely.
 
The key to avoiding them is to make sure that when downloading apps one does so from the author's own website or one that they have recommended, and not 3rd party downloading site.
 
WSA does detect and remove many PUA's, and more are being added, but WSA does not detect all of them. A simple browser add-on with PUA behaviour that is easy to identify and easy to remove is not likely to be detected and removed by WSA. Those that are intentionally difficult to locate and remove are. Please see THIS LINK for more information regarding Webroot's stance on these annoying programs.
 
To make sure that your WSA is checking for PUA's with the best proficiently, it sometimes helps to reset the PUA detection within WSA's settings. For PUA's that had previously been scanned and determined to be OK, but have since been added to detection/removal, you may want to complete the following steps:
 
  • Open Webroot SecureAnywhere
  • Click on ‘Advanced Settings’ from the top right
  • Select ‘Scan Settings’ from the left side
  • Unselect the option “Detect Potentially Unwanted Applications”
  • Click on the Save button (you may have to enter in a CAPTCHA)
  • Reselect the option to “Detect Potentially Unwanted Applications”
  • Click on the Save button
  • Run another scan with Webroot and remove any items that get detected.
If that does not helps and you feel or consider yourself technically proficient then you can try these steps to remove it from your system.
 
And if that does not work or you do not feel technically capable then the best thing to do is to Open a Support Ticket & ask Webroot Support to take a look and remove these for you.  There is NO CHARGE for this for valid WSA license holder.
 
I hope that assist with the clarification of the subject?
 
Regards, Baldrick

Reply